The continuous development of automation has brought new security challenges to companies. Today, industrial security is indispensable for ensuring safety. Security must cover both direct contact with machinery and equipment and digital access to controllers and processes via networks.
Safety requirements stipulate that the residual risk of machinery and equipment must not exceed acceptable levels. This includes not only hazards surrounding the equipment but also hazards within the equipment. Industrial security involves protecting machinery and equipment from unauthorized external access and protecting sensitive data from damage, loss, and unauthorized internal access. This includes both confirmed attacks and unintended security incidents.
For a long time, security has played a central role in traditional IT, which is why a series of standards exists there, such as ISO/IEC 27000 "Information technology – Security techniques – Information security management systems – Overview and vocabulary" (ISO/IEC 27000:2016; German version EN ISO/IEC 27000:2017). Transferring these requirements to automation, however, is not so simple. In automation, the most important factor is data availability, a key requirement for keeping the production process running smoothly, whereas in IT data confidentiality is paramount.
Various organizations are developing standards intended to provide effective security solutions for automation. However, each of these standards describes only specific aspects, such as the distinction between security and safety, and, more importantly, they are neither drafts nor official standards but merely technical references.
In contrast, IEC 62443 "Industrial communication networks – Security of networks and systems" is an international series of standards that comprehensively addresses IT security in automation, covering everything from system integration and equipment operation to the development of security products (security by design). IEC 62443 therefore currently provides the best guidance for equipment operators and manufacturers who want to implement security effectively.
The "ICS Security Overview" published by the German Federal Office for Information Security (BSI) is aimed specifically at operators of industrial control systems. It outlines fundamental principles, specific requirements and relevant standards, introduces suitable measures and explains concretely how to implement them.
IEC 62443 and the "ICS Security Overview" are better suited to experts, while the VDI/VDE 2182 guideline offers a relatively simple introduction to the topic. Given the complexity of industrial security, it is advisable to involve external experts, except during the implementation phase.
Treating security and safety as a whole while keeping them logically separate and independent is the most efficient solution. What does this solution look like in practice?
Machine access concept
The era of establishing safety through strict separation of humans and machines is over. Production processes are becoming increasingly dynamic, and with rising efficiency demands the need for controlled access to these processes keeps growing, gradually changing the safety technology employed. Access points to equipment or processes are crucial: they must be protected against unauthorized opening (intentional or unintentional), and it must be ensured that no one is in the danger zone while the machine is running. These classic safety tasks are usually accomplished with various sensor technologies, from light curtains to safety gate systems.
Today it must be possible to work within a defined test area of the equipment without interrupting the entire production process. Who is allowed to do what, on which machine, and when? Only those who can answer these questions can achieve higher productivity.
The PITmode operating mode selection and access authorization system integrates safety and security functions in a single system. These devices perform both functionally safe operating mode selection and access control for machinery. PITmode is the choice when machinery has to switch between different control sequences and operating modes as required. RFID-coded transmitter keys allow machine start permissions to be assigned to each employee in line with their qualifications. A safe evaluation unit detects the specified operating mode, such as automatic mode, manual intervention under restricted conditions or service mode, evaluates it and switches it in a functionally safe way. This prevents misuse and manipulation, protecting both people and machines.
The system solution comprises the configurable, compact controller PNOZmulti 2 and PITmode, enabling comprehensive access control and functionally safe operating mode selection. This extended system solution covers every case, from enabling and authenticating a single sub-function of the machine to complex hierarchical permission matrices. It thus provides user-friendly configuration of access permissions together with a high level of protection against manipulation, which simplifies manipulation management and gives users the benefit of less downtime.
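As an added illustration of the "who may do what, on which machine, and when" question and of a hierarchical permission matrix, the following Python sketch is not Pilz code and does not reproduce PITmode's internals. It assumes three ranked operating modes (automatic, manual intervention, service), a per-machine authorization level per RFID key and a validity window per key, all constructed for the example; every unexpected input results in a denial.

```python
from dataclasses import dataclass
from datetime import datetime

# Modes named on the page, ranked by privilege; the ranking is an assumption.
MODE_RANK = {"automatic": 1, "manual_intervention": 2, "service": 3}

@dataclass(frozen=True)
class TransmitterKey:
    """Constructed stand-in for an RFID-coded key: who holds it, the highest
    mode it may select per machine, and the window in which it is valid."""
    uid: str
    holder: str
    levels: dict        # machine id -> highest mode the holder may select
    valid_from: datetime
    valid_to: datetime

def authorize_mode(key, machine, requested_mode, now):
    """Return (allowed, reason). Every unexpected input denies; nothing falls
    through to 'allowed'. A granted level also covers all lower-ranked modes,
    which is how a hierarchical permission matrix is modelled here."""
    if requested_mode not in MODE_RANK:
        return False, f"unknown mode '{requested_mode}'"
    if not (key.valid_from <= now < key.valid_to):
        return False, "key outside its validity window"
    granted = key.levels.get(machine)
    if granted is None:
        return False, f"no authorization for machine '{machine}'"
    if MODE_RANK[requested_mode] > MODE_RANK[granted]:
        return False, f"'{requested_mode}' exceeds granted level '{granted}'"
    return True, f"{key.holder} may select '{requested_mode}' on {machine}"

# Constructed sample keys: a setter limited to manual intervention on press1,
# a service technician with full rights on press1 and press2.
KEYS = {
    "A1B2": TransmitterKey("A1B2", "setter", {"press1": "manual_intervention"},
                           datetime(2024, 1, 1), datetime(2025, 1, 1)),
    "C3D4": TransmitterKey("C3D4", "service",
                           {"press1": "service", "press2": "service"},
                           datetime(2024, 1, 1), datetime(2025, 1, 1)),
}
DURING_SHIFT = datetime(2024, 6, 1, 8, 0)   # inside both keys' validity
AFTER_EXPIRY = datetime(2025, 6, 1, 8, 0)   # after both keys have expired

def request(uid, machine, mode, now):
    """Key lookup plus evaluation; an unknown key uid is a denial, not an error."""
    key = KEYS.get(uid)
    if key is None:
        return False, f"unknown key '{uid}'"
    return authorize_mode(key, machine, mode, now)
```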
By adding safe sensor technology at the points where people approach machines, users obtain a flexible safety concept, and not only from a safety perspective: it also covers security aspects such as user authentication, qualification verification and access protection.
When machines and industrial processes are intelligently networked, those networks become vulnerable, and this is where future machines will need greater protection: Pilz's SecurityBridge application firewall can protect controllers such as the configurable safe small controller PNOZmulti and the PSS4000 automation system against network-based attacks and unauthorized access.
The SecurityBridge industrial security bridge is connected upstream of the controller's base unit and acts as a VPN server, creating a virtual private network to which one or more client PCs connect. This secures the connection between the PCs and the devices. Only users with the appropriate permissions can change the project configuration, so unauthorized access to the protected network is prevented. Data transmitted between the client PCs and SecurityBridge is also protected against eavesdropping and manipulation.
Unlike typical firewalls, it does not require complex configuration: application-specific default settings and a plug-and-play approach make commissioning easier. SecurityBridge can also control the flow of process data and monitor the integrity of the protected system. A change in the checksums indicates that the application project has been changed. During the development of SecurityBridge, Pilz also followed security procedures conforming to IEC 62443-4-1 (TÜV).
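To show what "a change in the checksums indicates a change to the application project" means as detection logic, here is an added Python example; it is not Pilz code and the page does not describe SecurityBridge's own checksum format. It assumes the application project is a set of files, uses SHA-256 as the checksum, and works on a constructed baseline and a constructed edited copy of the same project.

```python
import hashlib

def project_checksums(project):
    """Per-file SHA-256 of an application project given as {path: bytes}.
    Assumption: the project is a set of files; the page does not describe
    SecurityBridge's own checksum format."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in project.items()}

def project_fingerprint(checksums):
    """One checksum over all per-file checksums in path order, so a single
    value changes whenever any file is modified, added or removed."""
    h = hashlib.sha256()
    for path in sorted(checksums):
        h.update(path.encode() + b"\0" + checksums[path].encode() + b"\n")
    return h.hexdigest()

def compare_checksums(baseline, current):
    """Classify the differences between a stored baseline and a fresh snapshot."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }

def check_project(baseline_project, current_project):
    """Compare two project snapshots; any non-empty list or a changed
    fingerprint means the application project is no longer the released one."""
    base = project_checksums(baseline_project)
    cur = project_checksums(current_project)
    report = compare_checksums(base, cur)
    report["fingerprint_changed"] = project_fingerprint(base) != project_fingerprint(cur)
    return report

# Constructed sample: the project as released at commissioning ...
BASELINE_PROJECT = {
    "main.prg": b"IF door_closed AND key_ok THEN run := TRUE; END_IF",
    "params.cfg": b"max_speed=1200\nstop_category=1\n",
}
# ... and the same project after an undocumented edit: the door interlock
# condition was removed from main.prg and an extra program file appeared.
CHANGED_PROJECT = {
    "main.prg": b"IF key_ok THEN run := TRUE; END_IF",
    "params.cfg": b"max_speed=1200\nstop_category=1\n",
    "extra.prg": b"run := TRUE;",
}
```

Storing the baseline fingerprint separately from the controller and re-checking it on a schedule turns the checksum into an alarm rather than a value someone has to remember to compare by hand.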
From the outset, threat scenarios and the strengths and weaknesses of protocols and encryption methods were taken into account. Security is not just a matter of having the necessary technology; awareness of threats is equally crucial. Whether with computers or machinery, people always play a critical role. An unsecured port or a carelessly opened malicious email can be enough to let malware into the corporate network.
If unauthorized personnel can reach machinery and equipment through IT systems, even the best gate protection or access control is meaningless. A holistic security approach is needed that considers both machine safety and industrial security. Security vulnerabilities can lead to substandard quality or unexpected machine downtime. For the protection of machinery and equipment it is therefore all the more important to ensure that only authorized personnel can enter the factory or the equipment area, and to prevent external attacks from manipulating the control system.
Sustainable automation solutions must take safety into account from the outset. Safety should be understood not merely as hardware but as a function, one that goes far beyond purely technical considerations.